= HTTPS =
= With Self-Signed Certificates =
In this lab, we will install a web server (Apache2) and enable HTTPS using self-signed SSL certificates. The lab session has to be done in the Ubuntu VM.
== Install Apache2 ==
Apache is a web server application that has been widely used on the internet for more than 20 years. It is a well-documented piece of Free and Open Source Software managed by the Apache Foundation.
(https://httpd.apache.org/)
Before installing, we need to update our repositories.
{{{
sudo apt-get update
}}}
Once the repo lists are updated, run:
{{{
sudo apt-get install apache2
}}}
When asked, press '''Y''' and hit '''Enter''' to continue, and the installation will proceed.
Check the installed Apache version details by issuing:
{{{
apache2 -v
}}}
Now go to your host machine. Open a web browser and type the IP address of your Ubuntu VM. You will get the Apache default page.
== Self-Signed Certificate ==
Use the following command to create the certificate and the key.
{{{
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache_prv.key -out /etc/ssl/certs/apache_crt.crt
}}}
You will be asked a series of questions; answer them carefully.
{{{
Country Name (2 letter code) [AU]:LK
State or Province Name (full name) [Some-State]:Kandy
Locality Name (eg, city) []:Peradeniya
Organization Name (eg, company) [Internet Widgits Pty Ltd]:YourInst
Organizational Unit Name (eg, section) []:IT Team
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:info@yourname.ac.lk
}}}
Once finished, it will create two files in '''/etc/ssl'''. The private key will be saved as apache_prv.key, and the certificate will be saved as apache_crt.crt.
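The following script is an added example, not part of the original lab. It generates a pair with the same options as the command above (non-interactively, in a temporary directory) and checks that the certificate is self-signed, that the key matches it, that it has not expired, and that the key file is readable only by its owner. The CN lab.example.org and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of the original lab; CN and temp directory are constructed.

# Same options as the lab command, but non-interactive (-subj), writing into $1.
make_selfsigned() {
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -subj "/C=LK/ST=Kandy/L=Peradeniya/O=YourInst/OU=IT Team/CN=$2" \
        -keyout "$1/apache_prv.key" -out "$1/apache_crt.crt" 2>/dev/null
}

# True when subject == issuer and the signature verifies with the cert's own key.
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$subj" ] && [ "$subj" = "$iss" ] &&
        openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# True when the private key ($1) and the certificate ($2) hold the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# True when the certificate ($1) is still valid $2 days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# True when the key ($1) has no group/other permission bits (-nodes = unencrypted key).
key_is_private() {
    case "$(ls -l "$1")" in ????------*) return 0 ;; *) return 1 ;; esac
}

# Run every check against a freshly generated pair in a throwaway directory.
demo() {
    d=$(mktemp -d) || return 1
    make_selfsigned "$d" lab.example.org || { rm -rf "$d"; return 1; }
    for check in "is_self_signed $d/apache_crt.crt" \
                 "key_matches_cert $d/apache_prv.key $d/apache_crt.crt" \
                 "valid_for_days $d/apache_crt.crt 30" \
                 "key_is_private $d/apache_prv.key"; do
        if $check; then echo "PASS ${check%% *}"; else echo "FAIL ${check%% *}"; fi
    done
    rm -rf "$d"
}
demo
```

To check the files created by the lab command, call the same functions on /etc/ssl/certs/apache_crt.crt and /etc/ssl/private/apache_prv.key with sudo, since the private directory is not readable by ordinary users.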
== Configure apache ==
Let us create a virtual host file for the website.
{{{
sudo nano /etc/apache2/sites-available/lab.conf
}}}
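Include the following:
{{{
<VirtualHost *:443>
    ServerAdmin admin@yourname.ac.lk
    # Placeholder: replace with the FQDN (or IP address) of your server
    ServerName your.server.fqdn
    DocumentRoot /var/www/html
    <Directory /var/www/html>
        Require all granted
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/apache_crt.crt
    SSLCertificateKeyFile /etc/ssl/private/apache_prv.key
    # Export the SSL environment variables only to scripts that need them
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>
</VirtualHost>
}}}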
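Now enable this site and SSL by running:
{{{
sudo a2enmod ssl
sudo a2ensite lab.conf
# Restart Apache so that the new module and site take effect
sudo systemctl restart apache2
}}}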
Try browsing from your host machine to https://, and you will be warned about an untrusted connection, because the certificate is self-signed.
= HTTPS with Let's Encrypt =
Prior to enabling HTTPS via Let's Encrypt, you need to satisfy the following:
 * You have public IP connectivity.
 * Both HTTP and HTTPS are allowed through the firewall(s).
 * The HTTP site is working. If you have multiple web server virtual hosts, make sure the '''!ServerName''' attribute in every host config file is correctly populated.
 * Proper DNS values are assigned to your IP address.
Follow the guideline from the official certbot site. (These steps can change from time to time, so always refer to the original site.)
{{{
https://certbot.eff.org/lets-encrypt/ubuntufocal-apache
}}}